Gentoo Archives: gentoo-project

From: desultory <desultory@g.o>
To: gentoo-project@l.g.o, "Andreas K. Huettel" <dilfridge@g.o>
Cc: Matthew Thode <prometheanfire@g.o>
Subject: Re: [gentoo-project] pre-GLEP: Gentoo OpenPGP web of trust
Date: Sat, 02 Feb 2019 06:02:42
Message-Id: e8b9acd8-f082-54aa-b6a4-f48521deb625@gentoo.org
On 02/01/19 07:47, Andreas K. Huettel wrote:
>> >> I don't see anything in glep 76 about requiring verification of the >> signatures. It's my view (as trustee) that assertation by the signer >> that 'this is my signature' is sufficient. > > ^ This. > > It's not our business to check IDs, and it's not our business to stalk people > on google or facebook. >
True, even according to GLEP 76.
> Now if someone says "Here's my name, and actually it is a fake name", then > that is a reason to refuse commit rights or patch acceptance, and probably ask > for some sort of verification when another name is then given. >
False, though that falsehood drove acceptance of GLEP 76.
> (That behaviour is roughly as intelligent as walking up to the security guy at > the airport and claiming loudly "I have a bomb in my luggage.") > As with your previous assertion, this is false, it is also pointlessly
hyperbolic.
> Apart from that, I dont think we should care. >